Abstract. In this paper, we propose a procedure that, given an integer
reset timed automaton (IRTA) A, produces a language equivalent
deterministic one clock IRTA B whose size is at most doubly exponential in
the size of A. We prove that this bound on the number of locations is
tight. Further, if integer resets are used in stopwatch automata, a
subclass of stopwatch automata which is closed under all boolean operations
and for which reachability is decidable is obtained.



1 Introduction 

It is well known that for timed automata [3], emptiness checking is
PSPACE-complete. This has paved the way for using timed automata in the
verification of real-time systems; several algorithms and tools have been
built. Even though emptiness checking is decidable, the questions of
universality and inclusion are undecidable for non-deterministic timed
automata with more than one clock. Further, timed automata cannot be
determinized. Investigations have shown that even restricted classes like
the one considered in [1] have undecidable universality. Some of the known
classes where timed automata can be effectively determinized are event
clock automata (ECA) [4] and integer reset timed automata (IRTA) [10].
[5] gives a condition under which timed automata are determinizable.
They give a procedure to obtain a language equivalent deterministic infinite
timed tree corresponding to a timed automaton A. The result is that A can be
determinized if the number of clocks per node in this tree is bounded. ECA and
IRTA fall into this category.

Integer reset timed automata were introduced in [10]. For a timed
automaton A and IRTA B, [10] and QT| decide the question "is
$L(A) \subseteq L(B)$?" with non-primitive recursive complexity and
EXPSPACE respectively. [12] gives a technique for obtaining a language
equivalent determinized one clock IRTA from an IRTA A, with a triply
exponential blow up in the number of locations. Subsequently, [13] proposes
a technique to obtain from an IRTA or ε-IRTA A, a one clock ε-IRTA, with a
doubly exponential blow up in the number of locations. The result in [13]
cannot be considered an improvement over the one in [12] since the final
IRTA obtained has ε-moves (even when we start with an IRTA without
ε-moves). The determinization technique suggested in [5], applied to an
IRTA A, gives a deterministic timed automaton B (not an IRTA), whose size
is doubly exponential in the size of A, and which has $< c_m + 1$ clocks,
where $c_m$ is the biggest constant used in the guards of A.

As the main result of this paper, we show that starting with an IRTA A, we
can obtain a determinized one clock IRTA B whose size is doubly exponential in
the size of A. Comparing this result to the earlier works of [12], [13] and [5] we
note the following.

— Our technique is extremely simple in comparison to the 5 — / theory used in
[12], [13]. [13] introduces ε-moves in the one clock IRTA obtained even when
the initial IRTA did not have any, while [12] has a higher complexity.

— [5] gives rise to a deterministic timed automaton with $c_m + 1$ clocks, while
we obtain a deterministic one clock IRTA.

— Finally, we prove that the doubly exponential bound is tight. This has not
been established in any of these earlier works.

2 Preliminaries 

For any set $S$, $S^*$ ($S^\omega$) denotes the set of all finite (infinite)
strings over $S$, and $S^\infty = S^* \cup S^\omega$. We consider as time
domain $\mathbb{T}$ the set $\mathbb{Q}^+$ or $\mathbb{R}^+$ of non-negative
rationals or reals, and $\Sigma$ a finite set of actions. A time sequence
over $\mathbb{T}$ is a finite (infinite) non-decreasing sequence
$t = (t_i)_{i \ge 0}$; for simplicity $t_0$ is taken to be zero always. For
$t \in \mathbb{T}$, $int(t)$ and $frac(t)$ represent its integral and
fractional parts respectively. A timed word over $\Sigma$ is defined as
$\rho = (\sigma, t)$, where $\sigma = (\sigma_i)_{i \ge 1}$ is a finite
(infinite) sequence of symbols in $\Sigma$ and $t = (t_i)_{i \ge 1}$ is a
finite (infinite) sequence in $\mathbb{T}^\infty$. A timed language $L$ is a
set of timed words.

We consider a finite set of variables $X$ called clocks. A clock valuation
over $X$ is a map $\nu : X \to \mathbb{T}$ mapping each clock $x \in X$ to a
time value. $\nu(x)$ represents the value assigned to the clock $x$ by
$\nu$. For $t \in \mathbb{T}$, the valuation $\nu + t$ is defined as
$(\nu + t)(x) = \nu(x) + t$, $\forall x \in X$. The set of all clock
valuations over $X$ is denoted by $\mathbb{T}^X$. For the set of clocks $X$,
the set of constraints (guards) over $X$, denoted by $C(X)$, is given by
$\varphi ::= x \sim c \mid \varphi \wedge \varphi \mid \varphi \vee \varphi$
where $c \in \mathbb{N}$ and $\sim \in \{<, \le, >, \ge, =, \ne\}$.
Clock constraints are interpreted over clock valuations. The relation
$\nu \models \varphi$ (valuation $\nu$ satisfies constraint $\varphi$) is
defined as $\nu \models x \sim c$ if $\nu(x) \sim c$. Clock constraints
allow us to test the values of clocks. In order to change these values,
we use the notion of resets. A reset is a subset of $X$ which mentions which
set of clocks are reset. $\nu' = \nu[\phi := 0]$ denotes $\nu'(z) = \nu(z)$
for all $z \in X \setminus \phi$ and $\nu'(y) = 0$ for all $y \in \phi$. The
set of all possible resets is $2^X$, the set of all subsets of $X$.

Timed Automata : A timed automaton [3] is a tuple
$A = (L, L_0, \Sigma, X, E, F)$ where $L$ is a finite set of locations;
$L_0 \subseteq L$ is a set of initial locations; $\Sigma$ is a finite set of
symbols; $X$ is a finite set of clocks;
$E \subseteq L \times L \times \Sigma \times C(X) \times 2^X$ is the set
of transitions and $F \subseteq L$ is a set of final locations. $C(X)$ and
$2^X$ are the set of clock constraints and clock resets as described above.
An edge $e = (l, l', a, \varphi, \phi)$ represents a transition from $l$ to
$l'$ on symbol $a$, with the valuation $\nu \in \mathbb{T}^X$ satisfying the
guard $\varphi$, and $\phi$ gives the resets of certain clocks. For a
location $l$ and valuation $\nu$, $(l, \nu)$ is called a state of $A$.

A path is a finite (infinite) sequence of consecutive transitions. The path
is said to be accepting if it starts in an initial location ($l_0 \in L_0$)
and ends in a final location (or repeats a final location infinitely often).
A run $r$ through a path from a valuation $\nu'_0$ (with $\nu'_0(x) = 0$ for
all $x$) is a sequence

$(l_0, \nu'_0) \to (l_0, \nu_1) \to (l_1, \nu'_1) \to (l_1, \nu_2) \to (l_2, \nu'_2) \cdots (l_n, \nu'_n)$.

Note that $\nu_i = \nu'_{i-1} + (t_i - t_{i-1})$, $\nu_i \models \varphi_i$,
and that $\nu'_i = \nu_i[\phi_i := 0]$, $i \ge 1$. The timed word
corresponding to $r$ is
$\rho = (\sigma_1, t_1)(\sigma_2, t_2) \cdots (\sigma_n, t_n)$. A timed word
$\rho$ is accepted by $A$ iff there exists an accepting run (through an
accepting path) over $A$, the word corresponding to which is $\rho$. The
timed language $L(A)$ accepted by $A$ is defined as the set of all timed
words accepted by $A$. In the following sections, we look at finite timed
words.

Region Automata: Given a set $X$ of clocks, let $\mathcal{R}$ be a
partitioning of $\mathbb{T}^X$. Each partition contains a set (possibly
infinite) of clock valuations. Given $\alpha \in \mathcal{R}$, the
successors of $\alpha$, represented by $Succ(\alpha)$, are defined as
$\alpha' \in Succ(\alpha)$ if $\exists \nu \in \alpha, \exists t \in \mathbb{T}$
such that $\nu + t \in \alpha'$. The partition $\mathcal{R}$ is said to be a
set of regions iff
$\alpha' \in Succ(\alpha) \iff \forall \nu \in \alpha, \exists t \in \mathbb{T}$
such that $\nu + t \in \alpha'$. A set of regions is consistent with time
elapse if two valuations which are equivalent (within the same partition)
stay equivalent with time elapse. A region $\alpha \in \mathcal{R}$ is said
to satisfy a clock constraint $\varphi \in C(X)$, denoted as
$\alpha \models \varphi$, if $\forall \nu \in \alpha$, $\nu \models \varphi$.
A clock reset $\phi \in 2^X$ maps a region $\alpha$ to a region
$\alpha[\phi := 0] = \alpha'$ such that
$\alpha' \cap \{\nu[\phi := 0]\} \ne \emptyset$ for some $\nu \in \alpha$. A
set of regions $\mathcal{R}$ is said to be compatible with a set of clock
constraints $C(X)$ iff $\forall \varphi \in C(X)$ and
$\forall \alpha \in \mathcal{R}$ exactly one of the following holds:
(a) $\alpha \models \varphi$ or (b) $\alpha \models \neg\varphi$. A set of
regions $\mathcal{R}$ is said to be compatible with a set of clock resets
$2^X$ iff
$\alpha' = \alpha[\phi := 0] \Rightarrow \forall \nu \in \alpha, \exists \nu' \in \alpha'$
such that $\nu' = \nu[\phi := 0]$.

Given a timed automaton $A$, and a set of regions $\mathcal{R}$ compatible
with $C(X)$ and $2^X$, the region automaton
$\mathcal{R}(A) = (Q, Q_0, \Sigma, E', F')$ is defined as follows:
$Q = L \times \mathcal{R}$ the set of locations;
$Q_0 = L_0 \times \{\alpha_0\}$ ($\alpha_0$ is the region where $x = 0$
for all $x \in X$), the set of initial locations;
$F' = F \times \mathcal{R} \subseteq Q$ the set of final locations;
$E' \subseteq (Q \times \Sigma \times Q)$ is the set of edges.
$(l, \alpha) \xrightarrow{a} (l', \alpha')$ is an edge in $E'$ if
$\exists \alpha'' \in \mathcal{R}$ and a transition
$(l, l', a, \varphi, \phi) \in E$ such that (a) $\alpha'' \in Succ(\alpha)$,
(b) $\alpha'' \models \varphi$ and (c) $\alpha' = \alpha''[\phi := 0]$. The
region automaton [3] is an abstraction of the timed automaton accepting
$Untime(L(A))$.

Theorem 1. Let $A$ be a timed automaton. Then the problem of checking
emptiness of $L(A)$ is decidable. [3]

2.1 Integer Reset Timed Automata 

An integer reset timed automaton (IRTA) [10] is a timed automaton
$A = (L, L_0, \Sigma, X, E, F)$ with the restriction that for every
$e = (l, l', a, \varphi, \phi) \in E$, if $\phi \ne \emptyset$ then
$\varphi$ consists of at least one atomic clock constraint $x = c$ for some
$x \in X$, $c \in \mathbb{N}$. The clock constraint $x = c$ in the guard of
a resetting transition ensures that all the resets happen at integer time
units (see also Lemma 1). The timed automaton $A$ shown in Figure 2.1 is an
IRTA.




Fig. 2.1. IRTA A.



Lemma 1. JTJ\j Let $A = (L, L_0, \Sigma, X, E, F)$ be an IRTA and $\nu$ be a
clock valuation in any given run in $A$. Then $\forall x, y \in X$,
$frac(\nu(x)) = frac(\nu(y))$.

2.2 IRTA Regions 

In this section, we look at the regions $\mathcal{R}$ of an IRTA. Given a
set $X$ of clocks, let $\mathcal{R}$ be a finite partitioning of
$\mathbb{T}^X$. The notions of successor of a region, compatibility
with guards and compatibility with resets are same as mentioned earlier.

Let $c_m \in \mathbb{N}$ be the maximum constant occurring in the guards
$C(X)$ of the IRTA $A$. For the set of clocks $X$, define a set of intervals
$\mathcal{I}$ as

$\mathcal{I} = \{[c] \mid 0 \le c \le c_m\} \cup \{(c, c+1) \mid 0 \le c < c_m\} \cup \{(c_m, \infty)\}$

We denote the clock interval of $t \in \mathbb{T}$ as
$\langle t \rangle_{\mathcal{I}}$. For example, if $c_m = 2$, then
$\langle 1 \rangle_{\mathcal{I}} = [1]$,
$\langle 1.2 \rangle_{\mathcal{I}} = (1, 2)$ and
$\langle 2.4 \rangle_{\mathcal{I}} = (2, \infty)$.

Let $\alpha$ be a tuple $((I_x)_{x \in X}, \preceq)$ where (i)
$I_x \in \mathcal{I}$ is the clock interval of $x \in X$, (ii) $\preceq$ is
a total preorder on
$X_0 = \{x \in X \mid I_x \text{ is of the form } (c, c+1)\}$.
The region associated with $\alpha$ is the set of valuations
$\nu \in \mathbb{T}^X$ such that for all $x \in X$, $\nu(x) \in I_x$ and for
all $x, y \in X_0$, $x \preceq y$ iff $frac(\nu(x)) \le frac(\nu(y))$.
Since the fractional parts of all clocks are same always (Lemma 1), we can
drop the preorder $\preceq$ and consider $\alpha$ to be
$((I_x)_{x \in X})$. For $x \in X$, $\alpha(x) = I_x$. The set of all such
tuples $\alpha$ partitions $\mathbb{T}^X$ and this is the set we consider to
be $\mathcal{R}$. For a valuation $\nu$, the clock region it belongs to is
denoted as $\langle \nu \rangle_{\mathcal{R}}$. For example, if
$\nu(x) = 2.3$, $\nu(y) = 1.3$, $c_m = 3$, then
$\langle \nu \rangle_{\mathcal{R}} = ((2, 3), (1, 2))$. We drop the
subscripts for the notations $\langle t \rangle_{\mathcal{I}}$ and
$\langle \nu \rangle_{\mathcal{R}}$ whenever they are clear from the
context.

Consider the set of clock intervals $\mathcal{I}$ and the set of clock
regions $\mathcal{R}$ defined for the set of clocks $X$ with the maximum
clock constant being $c_m$. For two clock intervals
$I_1, I_2 \in \mathcal{I}$, we define $I_1 + I_2$ as the clock interval
$I \in \mathcal{I}$ such that $\forall t_1 \in I_1, \forall t_2 \in I_2$,
$\exists t \in I$ such that $t = t_1 + t_2$. For a clock region
$\alpha = ((I_x)_{x \in X}) \in \mathcal{R}$ and a clock interval
$I \in \mathcal{I}$, we define $\alpha + I$ as the region

Definition 1. Two timed words
$\rho = (\sigma_1, t_1)(\sigma_2, t_2) \cdots (\sigma_n, t_n)$ and
$\rho' = (\sigma'_1, t'_1)(\sigma'_2, t'_2) \cdots (\sigma'_n, t'_n)$ are
said to be equivalent, denoted by $\rho \equiv \rho'$, iff for all $i$ the
following holds: (1) $\sigma_i = \sigma'_i$ and (2)
$int(t_i) = int(t'_i)$, $frac(t_i) = 0$ iff $frac(t'_i) = 0$.



Lemma 2. If $A$ is an IRTA and $\rho \equiv \rho'$ then, $\rho \in L(A)$ iff $\rho' \in L(A)$ TTTj .



Consider the timed automaton $A$ in Figure 2.2 and two timed words
$\rho_1 = (a, 0.5)(c, 1.5)$ and $\rho_2 = (a, 0.5)(c, 1.4)$.
$\rho_1 \equiv \rho_2$. However $\rho_1 \in L(A)$ while
$\rho_2 \notin L(A)$. This shows that Lemma 2 need not hold for a timed
automaton which is not an IRTA.



Fig. 2.2. Timed automaton A which is not an IRTA.

Integral, Non-integral, Saturated region : Let
$\alpha = ((I_x)_{x \in X}) \in \mathcal{R}$ and let $X_m \subseteq X$ be
such that $\forall x \in X_m$, $I_x = (c_m, \infty)$. (i) $\alpha$ is said
to be saturated if $X_m = X$, (ii) $\alpha$ is said to be integral if
$\forall x \in X \setminus X_m$, with $X_m \subset X$, $I_x$ is of the form
$[c]$, and (iii) $\alpha$ is said to be non-integral if
$\forall x \in X \setminus X_m$, with $X_m \subset X$, $I_x$ is of the form
$(c, c + 1)$. If $A$ is an IRTA, and $\alpha$ is a region of $A$, then
$\alpha$ can be classified as one of integral, non-integral or saturated
region (Lemma 1 implies this). The union of the integral, saturated regions
is denoted by $\mathcal{R}_I$. Following [7], we have

Lemma 3. The set $\mathcal{R}$ of IRTA regions forms a set of regions.
$\mathcal{R}$ is compatible with the clock constraints $C(X)$ and with the
set $2^X$ of clock resets.

3 Clock reduction and determinization of IRTA 

In this section, we give a technique to obtain, given an IRTA $A$ with
$k > 1$ clocks, an IRTA $A^1$ with one clock $n$. As the constraints in
$A^1$ are over a single clock $n$, we can consider each constraint to be a
disjunction of clock intervals from the set $\mathcal{I}$. For example, a
constraint $n \le 2 \wedge n \ge 1$ on a transition from $s$ to $t$ can
be expressed as three transitions from $s$ to $t$ on $n \in [1]$,
$n \in (1, 2)$ and $n \in [2]$ respectively. Let $c_m$ be the maximum
constant used in the guards of $A$. Given a clock region $\alpha$ of $A$ and
a constraint $\varphi^1$ of the form $n \in I_n$, $\alpha + \varphi^1$
consists of valuations obtained by adding $I_n$ to each interval $I_x$ in
$\alpha$ (as defined in Section 2). For example, if
$\alpha = (1 < x < 2, 0 < y < 1)$ and $\varphi^1 = n \in [1]$, then
$\alpha + \varphi^1$ consists of the valuations $(2 < x < 3, 1 < y < 2)$.
For a constraint $\varphi$ over $X$, the relation
$\alpha + \varphi^1 \models \varphi$ holds iff $\nu \models \varphi$ for all
$\nu \in \alpha + \varphi^1$. So, if $\varphi$ is $y > 2$, then in the
example above, $\alpha + \varphi^1 \not\models \varphi$. However,
$\alpha + \varphi^1 \models y > 1$. This notation will be used in the
following construction.

3.1 Clock reduction 

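Given an IRTA $A = (L, L_0, \Sigma, X, E, F)$ construct a one clock IRTA
$A^1 = (L^1, L^1_0, \Sigma, \{n\}, E^1, F^1)$ as follows:

- $L^1 \subseteq L \times \mathcal{R}_I$, where $\mathcal{R}_I$ is the set of integral and saturated regions;

- $L^1_0 = L_0 \times \{\alpha_0\}$ where $\alpha_0 = ([0], [0], \cdots, [0])$;

- $F^1 \subseteq F \times \mathcal{R}_I$;

- $E^1 \subseteq L^1 \times \Sigma \times \mathcal{I} \times 2^{\{n\}} \times L^1$ is the set of transitions. A transition
$(l, \alpha) \xrightarrow{a, \varphi^1, \phi^1} (l', \alpha')$ is defined iff
there exists a transition $l \xrightarrow{a, \varphi, \phi} l'$ in $E$ such that

• $\alpha + \varphi^1 \models \varphi$,

• $\alpha' = (\alpha + \varphi^1)[\phi := 0]$ if $\phi \ne \emptyset$; $\alpha' = \alpha$ if $\phi = \emptyset$,

• $\phi^1 = \{n\}$ iff $\phi$ is non-empty.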

Fig. 3.1. One clock IRTA $A^1$ corresponding to the IRTA $A$ in Figure 2.1.
S01 represents the location S, (x = 0, y = 1).
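The construction of Section 3.1 carried out on a small input, as an added example (not code from the paper): `reduce_clocks` builds the reachable part of $A^1$, and `accepts` lets the two automata be compared on timed words. Assumptions: guards are conjunctions of atomic constraints only, `SAMPLE` is a constructed two-clock IRTA chosen to be consistent with the run in Appendix A (the guards of Figure 2.1 itself did not survive), and all function and variable names are made up here.

```python
from collections import namedtuple
from fractions import Fraction
import operator

# guard: list of atoms (clock_index, op, constant); resets: frozenset of clock indices
# edges: list of (source, symbol, guard, resets, target)
IRTA = namedtuple("IRTA", "init final nclocks cm edges")
OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       ">=": operator.ge, ">": operator.gt, "!=": operator.ne}

# The intervals of the set I are numbered 0 .. 2*cm+1: 2c stands for [c], 2c+1 for
# (c, c+1), and 2*cm+1 for the saturated interval (cm, oo). With this numbering,
# adding an interval to an integral region is a capped integer sum, and
# "interval k satisfies x ~ c" is the plain comparison k ~ 2c.

def region_sat(region, guard):
    """alpha + phi^1 |= phi, for phi a conjunction of atomic constraints."""
    return all(OPS[op](region[x], 2 * c) for x, op, c in guard)

def interval_guard(k, cm):
    """The guard 'n in interval k' as atoms over the single clock n (index 0)."""
    if k == 2 * cm + 1:
        return [(0, ">", cm)]
    if k % 2 == 0:
        return [(0, "==", k // 2)]
    return [(0, ">", k // 2), (0, "<", k // 2 + 1)]

def reduce_clocks(a):
    """Reachable part of the one clock IRTA A^1 (locations are pairs (l, alpha))."""
    top = 2 * a.cm + 1
    init = {(l, (0,) * a.nclocks) for l in a.init}
    seen, todo, edges = set(init), list(init), []
    while todo:
        l, alpha = todo.pop()
        for src, sym, guard, resets, dst in a.edges:
            if src != l:
                continue
            for k in range(top + 1):             # candidate guard: n in interval k
                shifted = tuple(min(v + k, top) for v in alpha)
                if not region_sat(shifted, guard):
                    continue
                if resets and k % 2:             # the situation of Figure 2.2
                    raise ValueError("reset at a non-integer instant: not an IRTA")
                if resets:                       # alpha changes only on a reset
                    alpha2 = tuple(0 if x in resets else v
                                   for x, v in enumerate(shifted))
                    reset_n = frozenset({0})
                else:
                    alpha2, reset_n = alpha, frozenset()
                target = (dst, alpha2)
                edges.append(((l, alpha), sym, interval_guard(k, a.cm), reset_n, target))
                if target not in seen:
                    seen.add(target)
                    todo.append(target)
    final = {q for q in seen if q[0] in a.final}
    return IRTA(init, final, 1, a.cm, edges)

def locations(a):
    return set(a.init) | {e[0] for e in a.edges} | {e[4] for e in a.edges}

def label(loc, cm):
    """Render (l, alpha) in the page's style, e.g. S01 for S, (x = 0, y = 1)."""
    l, alpha = loc
    return l + "".join(f"{cm}+" if v == 2 * cm + 1 else str(v // 2) for v in alpha)

def accepts(a, word):
    """Nondeterministic simulation of a timed automaton on a finite timed word."""
    states = {(l, (Fraction(0),) * a.nclocks) for l in a.init}
    now = Fraction(0)
    for sym, t in word:
        t = Fraction(t)
        nxt = set()
        for l, val in states:
            v = tuple(x + (t - now) for x in val)
            for src, s, guard, resets, dst in a.edges:
                if src == l and s == sym and all(OPS[op](v[x], c) for x, op, c in guard):
                    nxt.add((dst, tuple(Fraction(0) if x in resets else y
                                        for x, y in enumerate(v))))
        states, now = nxt, t
    return any(l in a.final for l, _ in states)

# Constructed sample input: clocks x (index 0) and y (index 1), cm = 1.
SAMPLE = IRTA(init={"S"}, final={"T"}, nclocks=2, cm=1, edges=[
    ("S", "a", [(0, "<=", 1)], frozenset(), "S"),
    ("S", "a", [(0, "==", 1)], frozenset({1}), "T"),   # resets y when x = 1
    ("T", "b", [(1, "==", 1)], frozenset({0}), "S"),   # resets x when y = 1
])
ONE_CLOCK = reduce_clocks(SAMPLE)
WORDS = [  # constructed timed words; the first is the word used in Appendix A
    [("a", "0.5"), ("a", "1"), ("a", "1"), ("b", "2"), ("a", "3")],
    [("a", "1")],
    [("a", "1.5")],
    [("a", "1"), ("b", "1.5")],
    [("a", "1"), ("b", "2"), ("a", "2.5")],
]

if __name__ == "__main__":
    print(sorted(label(q, SAMPLE.cm) for q in locations(ONE_CLOCK)))
    for w in WORDS:
        print(w, accepts(SAMPLE, w), accepts(ONE_CLOCK, w))
```

Because the result of `reduce_clocks` is stored in the same `IRTA` format with `nclocks=1`, the single `accepts` routine simulates both the original automaton and its one clock version.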

By construction, the region component $\alpha$ in the locations
$(l, \alpha)$ of $A^1$ is updated only whenever a reset happens in $A$.
Since resets happen only at integer time units, the region components are
always integral. A reset in $A$ results in resetting $n$ in $A^1$; the value
of $n$ is otherwise the time elapsed between two resets. Next, we prove that
$A$ and $A^1$ accept the same timed language.

In the following proof, we represent a state $((l, \alpha), \mu)$ of $A^1$
as $(l, \alpha, \mu)$ and use the notation $\nu = \alpha + \mu$ to represent
that for all $x \in X$, $\nu(x) = c_x + \mu(n)$ where $[c_x] = \alpha(x)$.

Theorem 2. Let $A$ be an IRTA and let $A^1$ be the one clock IRTA obtained
using the above construction. Then $L(A) = L(A^1)$.

Proof. $L(A) \subseteq L(A^1)$: Consider a run
$(l_0, \nu'_0) \to (l_0, \nu_1) \xrightarrow{\sigma_1, \varphi_1, \phi_1} (l_1, \nu'_1)$
in $A$ of length one. By construction of $A^1$, there is a run
$(l_0, \alpha_0, \mu'_0) \to (l_0, \alpha_0, \mu_1) \xrightarrow{\sigma_1, \varphi^1_1, \phi^1_1} (l_1, \alpha_1, \mu'_1)$
where $\mu'_0 = 0$, $\alpha_0 + \varphi^1_1 \models \varphi_1$.
$\varphi^1_1$ is $n \in \langle t_1 \rangle$. Also,
$\nu'_0 = \alpha_0 + \mu'_0$, $\nu_1 = \alpha_0 + \mu_1$,
$\nu'_1 = \alpha_1 + \mu'_1$ irrespective of $\varphi_1$.

Assume the result for all runs of length $< m$. Consider a run of $A$ of
length $m$. Let
$(l_0, \nu'_0) \to (l_0, \nu_1) \to \cdots \to (l_{m-2}, \nu_{m-1}) \to (l_{m-1}, \nu'_{m-1}) \to (l_{m-1}, \nu_m) \to (l_m, \nu'_m)$
be a run in $A$ corresponding to $(\sigma_1, t_1) \ldots (\sigma_m, t_m)$.
Consider the subrun
$(l_0, \nu'_0) \to (l_0, \nu_1) \to \cdots \to (l_{m-1}, \nu'_{m-1})$. By
induction hypothesis, we can obtain a run of length $m - 1$ in $A^1$ which
ends in $(l_{m-1}, \alpha_{m-1}, \mu'_{m-1})$. The subrun in $A$ extends as
$(l_{m-1}, \nu'_{m-1}) \to (l_{m-1}, \nu_m) \xrightarrow{\sigma_m, \varphi_m, \phi_m} (l_m, \nu'_m)$.
We know that $\nu_m \models \varphi_m$ and
$\nu_m = \nu'_{m-1} + (t_m - t_{m-1})$. From induction hypothesis, we also
know that $\nu'_{m-1} = \alpha_{m-1} + \mu'_{m-1}$. Hence there should exist
edges
$(l_{m-1}, \alpha_{m-1}, \mu'_{m-1}) \to (l_{m-1}, \alpha_{m-1}, \mu_m) \xrightarrow{\sigma_m, \varphi^1_m, \phi^1_m} (l_m, \alpha_m, \mu'_m)$.
Since $\nu_m = \alpha_{m-1} + \mu_m \models \varphi_m$, and
$\alpha_{m-1} + \varphi^1_m \models \varphi_m$, we have
$\varphi^1_m = n \in \langle \mu_m(n) \rangle$, and
$\nu'_m = \alpha_m + \mu'_m$. Clearly,
$(\sigma_1, t_1) \ldots (\sigma_m, t_m)$ is in $L(A^1)$ whenever it is in
$L(A)$. See Appendix A for an example.

$L(A^1) \subseteq L(A)$: The above argument can be traced backward to argue this. □

Fig. 3.2. One clock automaton $A^1$ for the timed automaton in Figure 2.2.
T(0, 1)0 represents the location T, (0 < x < 1, y = 0).

However, it must be noted that this technique works because $A$ is an IRTA.
The fact that resets happen at globally integral times has helped us retain
in $n$ the time elapsed between two resets. See the automaton $A^1$ in
Figure 3.2 which is obtained by applying the above technique to the timed
automaton $A$ in Figure 2.2. In Figure 3.2, consider the location
[S0(0, 1)] and its outgoing edge to [T(0, 1)0] (dotted in the figure). This
edge corresponds to the edge from S to T on a with guard $0 < x, y < 1$ in
$A$ of Figure 2.2. Here the requirement $\alpha + \varphi^1 \models \varphi$
of the construction does not hold - not all valuations in
$(x = 0, 0 < y < 1) + (0, 1)$ satisfy the constraint $0 < x, y < 1$. To
satisfy $0 < x, y < 1$, we need to know the exact value of $y$. This can be
achieved by (1) having a fresh clock containing the value of $y$ or (2)
remembering the value of $y$ in the location. Option (2) would give rise to
infinitely many locations in place of [S0(0, 1)]. To sum up, the technique
described above to reduce the number of clocks to one does not work for
timed automata in general. It is worthwhile to mention Finkel's result [9]
that the problem of the minimization of the number of clocks of a timed
automaton is undecidable.

Complexity The definition of $A^1$ shows that the number of locations is at
most $|L| \times |\mathcal{R}_I| = |L| \times (c_m + 2)^{|X|}$. However,
$E^1$ reveals that the region part $\alpha$ in $(l, \alpha)$ changes only if
the corresponding edge in $A$ resets at least one clock. Hence all the
locations in $L^1$ have integral regions with at least one of the clocks
having the interval $[0]$. Thus the total number of locations in $A^1$ is
$|L^1| \le |L| \cdot [(c_m + 2)^{|X|} - (c_m + 1)^{|X|}]$. Lemma 4 shows
that this bound is indeed tight.

Lemma 4. There is an IRTA $A$ such that the smallest one clock IRTA $A^1$
corresponding to it has exactly
$|L| \cdot [(c_m + 2)^{|X|} - (c_m + 1)^{|X|}]$ locations, where $L$ is the
set of locations of $A$, $X$ is the set of clocks of $A$ and $c_m$ is the
maximum constant used in the guards of $A$.



Proof. Consider the IRTA $A = (L, L_0, \Sigma, X, E, F)$ in Figure 3.3
having two clocks. The one clock IRTA $A^1$ in Figure 3.3 has exactly
$|L| \cdot [(c_m + 2)^{|X|} - (c_m + 1)^{|X|}]$ number of locations.

Fig. 3.3. Deterministic IRTA $A$ and its one clock IRTA $A^1$. The symbols
represent the following timed transitions :
$d_1 ::= a_x, x = y = 1?, x := 0$,
$d_2 ::= a_y, x = y = 1?, y := 0$,
$d_3 ::= c_x, x = 0 \wedge y > 1?$,
$d_4 ::= c_y, y = 0 \wedge x > 1?$,
$d_5 ::= b_y, x > 1 \wedge y = 1?, y := 0$,
$d_6 ::= b_x, x = 1 \wedge y > 1?, x := 0$.
$1^+$ denotes all values > 1.


The language accepted by $A$ is
$L(A) = \{(a_x, 1), (a_y, 1), (a_x, 1)(b_x, 2), (a_y, 1)(b_y, 2), (a_x, 1)(b_x, 2)(c_x, 2)(b_x, 3), (a_y, 1)(b_y, 2)(c_y, 2)(c_y, 2), \ldots\}$.
Clearly, $untime(L(A)) = a_x(b_x c_x^*)^* + a_y(b_y c_y^*)^*$. It is easy
to see that the minimal (deterministic, not complete) automaton
$\mathcal{D}$ accepting $untime(L(A))$ requires 5 locations (use the
standard Myhill-Nerode argument). Decorating this with appropriate
constraints (see below), we obtain a one clock IRTA $A^1$ accepting $L(A)$.

To argue that $A^1$ is the smallest one clock IRTA accepting $L(A)$ is easy:
(1) To accept $(a_x, 1), (a_y, 1)$, we need two locations $s, t$ ($s$ is the
initial location) with $s \xrightarrow{a_x, a_y, n = 1?, n := 0} t$; (2) To
accept $(a_x, 1)(b_x, 2)$, we reset the clock $n$ on the transition from $s$
to $t$ and add $t \xrightarrow{b_x, n = 1?} s$. But this would mean
accepting illegal words like $(a_y, 1)(b_x, 2)$,
$(a_y, 1)(b_x, 2)(a_x, 2)$ as well, hence we need to add new locations
$u, v$ and replace $s \xrightarrow{a_y, n = 1?, n := 0} t$ with
$s \xrightarrow{a_y, n = 1?, n := 0} u$ and replace
$t \xrightarrow{b_x, n = 1?} s$ with
$t \xrightarrow{b_x, n = 1?, n := 0} v$. (3) After (2), to accept
$(a_x, 1)(b_x, 2)(b_x, 3) \ldots (b_x, n) \ldots$, we need a loop on $b_x$
resetting $n$ every time $n = 1$. This is easily done by adding
$v \xrightarrow{b_x, n = 1?, n := 0} v$. To incorporate any number of
$c_x$s without time elapse, we also add $v \xrightarrow{c_x, n = 0?} v$. A
similar argument will show that we need one more location $w$ to take care
of $b_y, c_y$. It can be seen that what we obtain is precisely $A^1$. □



3.2 Determinization 

In this section, we give a technique to obtain from an IRTA $A$, a one clock
deterministic IRTA $A^d$.

Given an IRTA $A = (L, L_0, \Sigma, X, E, F)$, a language equivalent one
clock deterministic IRTA $A^d = (L^d, L^d_0, \Sigma, \{n\}, E^d, F^d)$ is
constructed as follows:



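- $L^d \subseteq 2^{L \times \mathcal{R}_I}$, where $\mathcal{R}_I$ is the set of integral and saturated regions;

- $L^d_0 = \cup L_0 \times \{\alpha_0\}$ where $\alpha_0 = ([0], [0], \cdots, [0])$;

- $F^d = \{A \in L^d \mid A \text{ contains some } (l, \alpha), l \in F\}$;

- $E^d \subseteq L^d \times \Sigma \times \mathcal{I} \times 2^{\{n\}} \times L^d$ is the set of transitions. Let
$A = \{(l_1, \alpha_1), \ldots, (l_n, \alpha_n)\}$. A transition
$A \xrightarrow{a, \varphi^d, \phi^d} B \in E^d$ iff

• For each $(l_i, \alpha_i) \in A$, if there exists in $E$ an edge
$l_i \xrightarrow{a, \varphi_i, \phi_i} l'_i$ such that
$\alpha_i + \varphi^d \models \varphi_i$ then $(l'_i, \alpha'_i) \in B$,

• $\phi^d = \{n\}$ iff $\phi_i \ne \emptyset$ for some $i \in \{1, 2, \ldots, n\}$,

• If $\phi^d = \{\}$ then $\alpha'_i = \alpha_i$ for all $i$. If
$\phi^d = \{n\}$, then $\alpha'_i = (\alpha_i + \varphi^d)[\phi_i := 0]$
when $\phi_i \ne \{\}$ and $\alpha'_i = \alpha_i + \varphi^d$ when
$\phi_i = \{\}$.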

Figure 3.4 gives the deterministic one clock IRTA $A^d$ obtained for the
IRTA $A$ in Figure 2.1. Note that the same can be achieved by determinising
$A^1$ (of Figure 3.1) in the same way (see Appendix B).

The technique outlined above is very similar to the one studied in Section
3.1 except that it performs subset construction along with clock reduction.
For example consider the automata $A$, $A^1$ and $A^d$ in Figures 2.1, 3.1
and 3.4 respectively. $A$ is non-deterministic at the location S on a when
$x = 1$, since it has two edges, one to S itself and other to T which resets
$y$. $A^1$ focuses only on clock reduction and retains this non-determinism
at location S00 on a when $n = 1$ by having two edges, one to S00 and other
to T10. However, $A^d$ is obtained by performing subset construction along
with clock reduction. Thus in $A^d$ the edge corresponding to the
non-deterministic edges is
$\{S00\} \xrightarrow{a, n = 1?, n := 0} \{S11, T10\}$.
We update the region component of S00 to S11 in the target state to reflect
the difference between the values of $x$ in locations S and T in $A$ after
the edge. Hence, the edge a, n = 0? from {S11, T10} (due to S11) requires no
time elapse as a is valid from S when x = 1? (which is the value of x in
S11).



Fig. 3.4. Deterministic one clock IRTA $A^d$ corresponding to the IRTA in Figure 2.1.

Theorem 3. Let $A$ be an IRTA and let $A^d$ be the deterministic one clock
IRTA constructed above. Then $L(A) = L(A^d)$.

The proof is similar to the proof of Theorem 2, taking into consideration
the subset construction.



Complexity From the definition of $A^d$ given above,
$L^d \subseteq 2^{L \times \mathcal{R}_I}$. Hence
$|L^d| \le 2^{|L| \cdot |\mathcal{R}_I|} - 1 = 2^{|L| \cdot (c_m + 2)^{|X|}} - 1$.

Lemma 5. There is a non-deterministic IRTA $A$ such that the smallest
deterministic one clock IRTA $A^1$ corresponding to it has exactly
$2^{|L| \cdot (c_m + 2)^{|X|}} - 1$ locations, where $L$ is the set of
locations of $A$, $X$ is the set of clocks of $A$ and $c_m$ is the maximum
constant used in the guards of $A$.

Proof. See Appendix C. □



4 IRTA - Summary 

We have given a simple and elegant technique to determinize the class IRTA
and to reduce the number of clocks. The complexity bound we obtain is also
optimal. If we allow ε-moves in the IRTA $A$, we can follow the clock
reduction technique explained above by treating ε as a special symbol.

5 Integer resets in stopwatch automata 

Stopwatches are variables whose rate of growth is either 0 or 1. Stopwatch
automata (SWA) [8] obtained by adding stopwatches to timed automata render
reachability undecidable while being expressively equivalent to linear
hybrid automata [2]. Reachability is decidable for interrupt timed automata
(ITA) [6], a variant of SWA with linear constraints, linear updates and
restrictions on rates of growth and use of stopwatches in updates as well as
constraints. To the best of our knowledge, this is the only known decidable
variant of SWA. In this section, we explore the idea of integer resets in
the context of stopwatch automata and define Integer Reset Stopwatch
Automata (IRSA). We show that reachability is decidable for IRSA if diagonal
constraints are not allowed. Further, in the absence of diagonal
constraints, IRSA is determinizable, and closed under complementation,
union and intersection. Undecidability of reachability of IRSA with
diagonal constraints indicates that IRSA and ITA are incomparable.

An integer reset stopwatch automaton (IRSA) is a stopwatch automaton
$A = (L, L_0, \Sigma, X, Z, E, F, \eta)$ where (i) $L, L_0, F, X$ and
$\Sigma$ are the same as in timed automata; (ii) $Z$ is a set of
stopwatches; (iii) $\eta : L \to \{0, 1\}^Z$ assigns the rate of growth of
stopwatches in locations; (iv)
$E \subseteq L \times L \times \Sigma \times C(X \cup Z) \times 2^{X \cup Z}$
is the set of transitions such that for every
$e = (l, l', a, \varphi, \phi) \in E$, whenever $\phi \ne \emptyset$ or
$\eta(l) \ne \eta(l')$, $\varphi$ consists of at least one atomic clock
constraint of the form (a) $x = c$, for some $x \in X$, $c \in \mathbb{N}$,
(b) $z = c$ for some $z \in Z$, $c \in \mathbb{N}$ provided
$\eta(l)(z) = 1$.

The valuations of all variables is $\nu : X \cup Z \to \mathbb{T}$. Time
elapse of $t$ units in a location $l \in L$, denoted as $\nu + t$, is as
earlier (in Section 2) for clocks. For stopwatches it is defined as:
$\forall z \in Z$, $(\nu + t)(z)$ is $\nu(z) + t$ if $\eta(l)(z) = 1$, and
is $\nu(z)$ if $\eta(l)(z) = 0$. Constraint satisfaction
$\nu \models \varphi$ and resets $\nu[\phi := 0]$ are interpreted as defined
earlier. It is easy to see that the semantics of IRSA are largely similar
to those of timed automata. We follow the same notations as in Section 5.

Proposition 1. Let $A$ be an IRSA and $\nu$ be a valuation in any given run
of $A$. Then $\forall x, y \in X \cup Z$, $frac(\nu(x)) = frac(\nu(y))$.

This proposition follows as a direct result of the definition of IRSA and
Lemma 1. It allows us to consider $\mathcal{R}$ as the set of IRSA regions
partitioning $\mathbb{T}^{X \cup Z}$. These are the same as IRTA regions
(defined in Section 5) over the set $X \cup Z$.



Given an IRSA $A$, we give a technique to convert it into a language
equivalent IRTA $B$. The construction is along the same lines as clock
reduction in Section 3.1. We consider the locations of $B$ to be
$L \times \mathcal{R}_I$. Given a location $(l, \alpha)$ of $B$, and a
transition $(l, \alpha) \to (l', \alpha')$, $\alpha$ is updated to
$\alpha'$ on edges $l \to l'$ of $A$ that (i) reset a clock or stopwatch or
(ii) $\eta(l) \ne \eta(l')$. For each stopwatch $z$ in $A$, there is a clock
$x_z$ in $B$ simulating $z$. We consider atomic constraints in $A$ to be of
the form $x \in I$ where $x \in X \cup Z$ and $I \in \mathcal{I}$. For
example, an edge with constraint $x = 2 \wedge z < 1$ can be represented as
two edges with constraints $x \in [2] \wedge z \in [0]$ and
$x \in [2] \wedge z \in (0, 1)$ respectively. The formal construction of
$B$ from $A$ is given below.

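Given an IRSA $A = (L, L_0, \Sigma, X, Z, E, F, \eta)$ construct an IRTA
$B = (L', L'_0, \Sigma, X \cup Z', E', F')$ as follows: (i)
$L' \subseteq L \times \mathcal{R}_I$, $\mathcal{R}_I$ is the set of
integral and saturated IRSA regions over $X \cup Z$; (ii)
$L'_0 = L_0 \times \{\alpha_0\}$ where $\alpha_0 = ([0], [0], \cdots, [0])$;
(iii) $F' \subseteq F \times \mathcal{R}_I$; (iv) $Z'$ is a set of new
clocks such that for every $z \in Z$, there is a unique clock $x_z$ in $Z'$
corresponding to $z$ via a bijection $Z' \leftrightarrow Z$; (v)
$E' \subseteq L' \times \Sigma \times C(X \cup Z') \times 2^{X \cup Z'} \times L'$
is the set of transitions.

A transition $(l, \alpha) \xrightarrow{a, \varphi', \phi'} (l', \alpha')$ is
defined iff there exists a transition
$l \xrightarrow{a, \varphi, \phi} l'$ in $E$ such that

(a) $\exists I \in \mathcal{I}$ such that $\alpha + I \models \varphi$.
$\forall x \in X$, $(\alpha + I)(x) = \alpha(x) + I$ and $\forall z \in Z$,
$(\alpha + I)(z) = \alpha(z) + I$ if $\eta(l)(z) = 1$, else
$(\alpha + I)(z) = \alpha(z)$;

(b) $\varphi'$ is obtained by replacing $z \in c + \alpha(z)$ in $\varphi$ by $x_z \in c$, for all $z \in Z$;

(c) $\phi' = (\phi \cap X) \cup Z'$ if $\phi \ne \emptyset$ or $\eta(l) \ne \eta(l')$. Otherwise, $\phi' = \emptyset$;

(d) $\alpha' = (\alpha + I)[\phi := 0]$ if $\phi' \ne \emptyset$; else $\alpha' = \alpha$.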

Each time a reset occurs or a rate changing edge is taken in $A$, the
corresponding edge in $B$ resets all clocks in $Z'$ and updates $\alpha$ to
contain the latest values of stopwatches. Hence constraints involving $Z'$
should pertain to the elapse since the last update of $\alpha$. Thus, the
constraints in $B$ replace $z \in c + \alpha(z)$ by $x_z \in c$. Appendix D
gives an example of this construction and establishes that the resulting
timed automaton is indeed an IRTA.

Lemma 6. Let $A$ be an IRSA and $B$ be the IRTA constructed as above. Then
$L(A) = L(B)$.

Corollary 1. Reachability is decidable for the class IRSA. Further, it is
closed under all boolean operations.

Lemma 6 can be proved along the lines of Theorem 2. Corollary 1 follows from
Lemma 6, Theorem 3 and decidability of emptiness of timed automata [3]. Note
that the timed automaton $B$ has at most
$|L| \times (c_m + 2)^{|X \cup Z|}$ locations where $c_m$ is the maximum
constant used in the constraints of $A$. This bound can be proved to be
tight employing the same technique as in Lemma 4.



IRSA with diagonal constraints : It is well known that diagonal constraints
do not add to the expressive power of timed automata. However, we note that
diagonal constraints involving stopwatches render reachability undecidable
for IRSA. It is easy to see that Minsky's two counter machine can be
simulated using 3 stopwatches $x_1, x_2, x_3$ and one clock $g$ by following
the encoding $c_1 = x_1 - x_3$ and $c_2 = x_2 - x_3$ for counters
$c_1, c_2$. Incrementing $c_2$ is accomplished by a

transition — ^ (S) 9 — % ° where $\eta(S)(x_3) = 0$ and
$\eta(S)(x_i) = 1, \forall i < 3$. A simple diagonal constraint
$x_1 - x_3 = 0?$ is sufficient to check if $c_1$ is zero.

Acknowledgement: We thank the anonymous reviewers for useful comments. 
Appendix



A Equivalent runs in $A$ and $A^1$

Consider the IRTA $A$ in Figure 2.1 and its corresponding one clock IRTA
$A^1$ in Figure 3.1. We now show a demonstration of the proof of Theorem 2
with an example. Recall that a state in $A$ is of the form
$(l_i, (\nu'_i(x), \nu'_i(y)))$ and a state in $A^1$ is
$(l_i, (\alpha_i(x), \alpha_i(y)), \mu'_i(n))$. We shall denote the clock
intervals [0], [1], (1, ∞) as 0, 1, 1+ respectively.

Consider a timed word $\rho = (a, 0.5)(a, 1)(a, 1)(b, 2)(a, 3)$. The run
corresponding to $\rho$ in $A$ is
$r = (S, (0, 0)) \to (S, (0.5, 0.5)) \to (S, (0.5, 0.5)) \to (S, (1, 1)) \to (S, (1, 1)) \to (S, (1, 1)) \to (T, (1, 0)) \to (T, (2, 1)) \to (S, (0, 1)) \to (S, (1, 2)) \to (T, (1, 0))$.
There exists a run $r^1$ in $A^1$ corresponding to $\rho$ given by
$r^1 = (S, (0, 0), 0) \to (S, (0, 0), 0.5) \to (S, (0, 0), 0.5) \to (S, (0, 0), 1) \to (S, (0, 0), 1) \to (S, (0, 0), 1) \to (T, (1, 0), 0) \to (T, (1, 0), 1) \to (S, (0, 1), 0) \to (S, (0, 1), 1) \to (T, (1, 0), 0)$.
It is easy to see that $\nu'_i = \alpha_i + \mu'_i$ holds for all $i$.



B Determinization of A

In Section 3.1 we saw how to build a one clock possibly non-deterministic
IRTA $A^1$ for a given IRTA $A$ with any number of clocks. As $A^1$ is also
an IRTA, we can apply the same technique outlined in Section 3.2 to obtain a
deterministic one clock IRTA $A^{1d}$. From Theorems 2 and 3 we know that
$L(A) = L(A^1)$ and $L(A^1) = L(A^{1d})$. Hence $L(A) = L(A^{1d})$.

Figure B.1 shows the deterministic one clock IRTA $A^{1d}$ obtained from
$A^1$ in Figure 3.1 following the definition in Section 3.2. Note that
$A^{1d}$ is the same as $A^d$ in Figure 3.4.



Fig. B.1. The deterministic one clock IRTA $A^{1d}$ corresponding to the
IRTA $A^1$ in Figure 3.1. Here A, B and C represent the locations S00, T10
and S01 of $A^1$ respectively.



C Proof of Lemma 5

Consider the non-deterministic IRTA $A$ in Figure C.1. It is clear that $A^d$ in

Fig. C.1. IRTA $A$ and its deterministic IRTA $A^d$. The locations S1, S2,
S3, S4, S5, S6 and S7 represent {(S, 0)}, {(S, 0), (S, 1)}, {(S, 1)},
{(S, 0), (S, 1), (S, 1+)}, {(S, 0), (S, 1+)}, {(S, 1), (S, 1+)} and
{(S, 1+)} respectively. Here the symbols represent the following timed
transitions: $d_1 ::= b, x = 1?, x := 0$, $d_2 ::= b, x > 1?$,
$d_3 ::= c, x = 1?, x := 0$, $d_4 ::= c, x > 1?$, $d_5 ::= e, x > 1?$,
b0 ::= b, n = 0?, b1 ::= b, n = 1?, n := 0, c0 ::= c, n = 0?,
c1 ::= c, n = 1?, n := 0, e0 ::= e, n = 0?, e1 ::= e, n = 1?,
a0 ::= b, n = 0?; c, n = 0?; e, n = 0?,
a1 ::= b, n ∈ (0, 1)?; c, n ∈ (0, 1)?; e, n ∈ (0, 1)?,
a2 ::= b, n > 0?; c, n > 0?; e, n > 0? and
a3 ::= b, n > 1?; c, n > 1?; e, n > 1?.

The proof of Lemma 5 follows from the automaton $A^d$ in Figure C.1.
D Details of Section 5

$B$ is an IRTA : From the definition of $B$, it is easy to observe the following.

— For every resetting edge $e$ in $A$, there is a resetting edge $e'$ in $B$
that resets all clocks in $Z'$ in addition to clocks mentioned in $e$.

— For every rate changing edge (source and target have different $\eta$
values) $e$ in $A$, there exists an edge $e'$ in $B$ which resets all clocks
in $Z'$.

By definition of $A$, we are assured that these kinds of edges occur at
integer time units as they are accompanied by atomic constraints of the form
(a) $x = c$, for some $x \in X$, $c \in \mathbb{N}$, (b) $z = c$ for some
$z \in Z$, $c \in \mathbb{N}$ provided $\eta(l)(z) = 1$. Now consider the
corresponding constraints in $B$.

— If all the atomic constraints are over $X$, then they are the same in $B$.

— If the atomic constraints in $A$ involve $z = c$ (same as $z \in [c]$)
then the corresponding constraint in $B$ is of the form
$x_z \in [c] - \alpha(z)$. As $\alpha \in \mathcal{R}_I$ over $X \cup Z$,
$\alpha(z)$ is either integral or saturated. If $\alpha(z)$ is integral then
$[c] - \alpha(z)$ is also integral. If $\alpha(z) = (c_m, \infty)$, then we
are assured that there is no constraint of the form $z = c, c > c_m$ in $A$
and hence no constraint $x_z \in [c] - \alpha(z)$ in $B$.

From the above argument, it is clear that all resetting edges in $B$ are
accompanied by atomic constraints of the form $x \in [c]$,
$x \in X \cup Z'$. Thus, $B$ is an IRTA.

An IRSA $A$ and its language equivalent IRTA $B$

Fig. D.1. IRSA $A$ with clocks x, y and stopwatches g, h. The location
(T, 10) indicates that $\eta(T)(g) = 1$ and $\eta(T)(h) = 0$.

Fig. D.2. Timed automaton $B$ which is language equivalent to IRSA in Figure
D.1. Here the clock intervals [0], [1], (1, ∞) are represented as 0, 1, 1+
respectively. Location (T, 1101) stands for
(T, (x = 1, y = 1, g = 0, h = 1)). The set of clocks to be reset is
indicated on each edge. Clocks e, f simulate the stopwatches g, h
respectively.



Proof of Lemma 6 :

Language equivalence $L(A) = L(A^1)$ in Theorem 2 was established by proving
that for a run in $A$ there exists a run in $A^1$ such that
$\nu'_i = \alpha_i + \mu'_i$ always. A similar proof which inducts on the
number of symbols in a timed word can be given for Lemma 5 too. The
hypothesis is that for a state $(l_i, \nu'_i)$ there exists a state
$(l_i, \alpha_i, \mu'_i)$ in $B$ such that
$\nu'_i \cap X = \mu'_i \cap X$ and $\forall z \in Z$,
$\nu'_i(z) \in \alpha_i(z) + \langle \mu'_i(x_z) \rangle$.
Thus, $\nu'_i(z) \models z \in c + \alpha_i(z)$ iff $\in c$ for all



